CCH or Commerce Clearing House is one one of several major tax software vendors — they just sent me this email this morning …..

CCH will discontinue support of Microsoft® Windows® 7 in our software products as of November 30, 2019. While we expect that many of our products will continue to function on the Windows® 7 operating system, CCH’s ability to sufficiently test products and diagnose software issues for customers using Windows® 7 will officially end November 30, 2019. For tax customers, this means that our first release of the 2019 tax software, scheduled for early December 2019, will not be officially supported on the Windows® 7 operating system, although it is likely to continue working for some period of time. In addition, customers using Windows® 7 who contact CCH Technical Support may be asked to upgrade their Microsoft® software if their issue cannot be reproduced with currently supported software, or if the problem is determined to be linked to the use of Windows® 7.

Much like Windows® XP, the Windows® 7 operating system was very popular. However, Microsoft® has announced that they, too, will discontinue support for Windows® 7 as of January 14, 2020. Here is a link to their Windows 7 Lifecycle page. We are requesting that customers using Windows® 7 begin upgrading following the mid-April filing deadline so we can continue to provide the high level of support you expect from CCH. We are providing advanced notice in an effort to give our clients ample time to upgrade.

Note: This notice regarding discontinued support for Windows® 7 will have no implications on the upcoming 2018 tax filing season. Additional reminders will be sent out post April 15, 2019.

You may have read the articles going around, starting Saturday afternoon, that claimed the LA Times and other current and former Tribune Publishing newspapers were under active attack by a nation state. That explains why your newspaper may have been late on Saturday.

Except, of course, it’s all hogwash. Now it looks like the LA Times was hit by a garden variety Ryuk ransomware attack. Not to cast shade on the problems with a ransomware attack on a large company, which can be considerable, but the rush to blame the Bad Guys du jour for a diabolical attack is disconcerting. The fact that several other news outlets picked up on the Sky is Falling cry should give y’all pause.

Shortly after Tribune Publishing lost operations and ability to print papers the press highlighted that there was a cyber attack. The attack was highlighted as a targeted attack by a nation-state. This was all related to one anonymous insider at the company telling the media. Thus, early on I, and many others on social media, called for calm and patience while the details became public. The details are still not public and the company hasn’t officially responded but an insider told media sources that the malware used in the attack was Ryuk

So if your Sainted Aunt Martha warns you about them furriners breaking down printing presses in Los Angeleeees, you can smile and go back to sipping egg nog.

Along those same lines… I still haven’t heard of any Internet Explorer-based infections, ones worthy of the way-out-of-band emergency patch on Dec. 19. Remember how the “Windows security experts” were running around in circles, telling people they had to patch IE immediately, or face dire consequences? Yeah. Crickets.

Bug bounty programs — where software bug catchers get rewarded for identifying security holes and disclosing them to the manufacturer — have proven popular and worthwhile, although they do have some downsides.

Bug bounty programs are usually carried out by software manufacturers, who pay to have a chance to fix their mistakes before the bad guys have a chance to clobber their products.

Folks who make open source software don’t have the same presumably-deep pockets as their commercial counterparts. When it comes to bug bounty programs, there’s no bounty to tap.

Enter the European Union. As part of the Free and Open Source Software Audit project, EU will offer bug bounty programs for several Windows products I use all the time — 7-Zip, KeePass, Notepad++, VLC Media Player — and a bunch of products that I may use indirectly, including Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), midPoint, PuTTY, the Symfony PHP framework, and WSO2.

Starting with January, security researchers and security companies can hunt vulnerabilities in these open source projects and report them to the bug bounty programs… in the hopes of a monetary reward, if the bug report is approved and results in a patch.

There is a Japanese new year custom – that your home and your work needs to be clean and tidy – it’s O-souji time. So too should we review our computers to see if they are clean and tidy as they should be. Now there are some uber geeks that feel that the only way to truly “clean” a crusty Windows install is to totally reinstall the operating system. While this is much easier in Windows 10, it still seems a bit extreme to me.

But if that’s your cup of tea (or bottle of Champagne given the time of the year), it means you are much more organized that I am, or you have converted yourself to a totally online/in the cloud technology setup. Before you start reinstalling your operating system ensure you know your installation key codes for the various applications you have. Office – if you have purchased it with a Microsoft linked account can be logged into and reinstalled. Windows 10 can be downloaded and placed on a bootable flash drive. When I reinstalled my Lenovo X1 carbon, I found that I had to go to the vendor’s website and install the bios updates and drivers from Lenovo before my beloved laptop would connect properly to the Internet, hook to cellular and stop showing all those bang “!” in the device manager. Windows 10 is a digital license tied to the hardware and should (operative being should) reactivate without a hitch.

If you need to reinstall Windows 7, it gets much trickier. You can download an iso of Windows 7, or even Windows 8.1 but you need a valid product key, and then a road map to get all the rest of the updates installed. (and hang loose as part of the newly announced Windows Secrets rollout I’m working on a revamped spreadsheet of patches to install and avoid).

If the nuke and reinstall isn’t your thing, there are other ways to O-souji your computer. The first thing I always do this time of year is review if I need a new computer in the first place. If everything is pretty peppy (Spectre patch impact notwithstanding), then I review if there are any minor upgrades that are easy to do. Do I need a better monitor? A new keyboard? (given that if you look at my hardworking computers you’ll see a shiny spot on the space bar and worn off buttons here and there) If everything is not as peppy as it could be can I open up the computer or laptop and easily add ram or a newer SSD? One can easily use cloning software to move your existing software to a new hard drive. If you don’t have a SSD drive, treat yourself with an after Christmas present of an upgrade. It will really make your older system majorly speed up.

Now I start digging into the c drive. Have I backed it up? Do I have a year’s worth of funky downloads, pictures that I don’t remember that need organized, or any other files that would be better off on an external usb hard drive or a NAS unit? I use something like treesize free to review what is hogging my c drive space.

Now I start asking myself if there are better alternatives to my main programs that I can try out. Office alternatives to try out like LibreOffice? How about reevaluating antivirus and just using defender? (really, I truly think a lot of upgrade problems are often caused by out dated antivirus).

Bottom line it’s O-souji time and what are you going to clean up on your computer?

On Dec. 24, while you were all snug in your bed with visions of sugarplums delivering forced upgrades in your head….

Microsoft updated a KB article, KB 4023814, which should add to your general forced-upgrade paranoia. The KB article describes a scenario where Windows Update shows this dialog box

and presumably politely waits for a reply, before installing Win10 1809. That isn’t what the sample dialog box says, but it is what the KB article says.

If you’re currently running Windows 10 version 1507, version 1511, version 1607, version 1703 or version 1709, your computer detects the Windows 10 Update Assistant automatically. Then, you can expect to receive a notification that states that your device must have the latest security updates installed and then initiates an attempt to update your device.

Of course, the update would be to version 1809.

How does it work, exactly? Microsoft hasn’t told us, although the KB article includes a detailed multi-step procedure for avoiding the prompt.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.